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[5TJ ABSTRACT 

A method -an apparatus for block or stream encrypting text 
uses an autokeyed rotational state vector to encrypt plain 
text to yield cipher text The text is stored as a block in a 
buffer of an arbitrary number of bytes. Each byte of plain 
text in the buffer encrypted to yield a byte of cipher text by 
using a rotational state vector, and the rotational state vector 
is updated or changed as a function of one or more of: the 
cipher text, the plain text and a key. The encryption opera- 
tion is advantageously a scries of alternating non-linear and 
linear transformations. The method of encryption is advan- 
tageously involutory in that the encryption method and 
apparatus for a given key is identical to the decryption 
method and apparatus with the same key. 

7 Claims, 4 Drawing Sheets 
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METHOD AND APPARATUS FOR AUTOKEY text symbols "E" and T to the most common cipher text 

ROTOR ENCRYPTION symbols since "E" and 'T* are the most frequently occurring 

letters in the English language. 
TECHNICAL FIELD One method for making a cipher more difficult to break is 

The invention relates to the field of cryptography. 5 t0 *° ^ U< *^? &V ?** S ** Tt 

v so render the statistical properties of a language less useful 

BACKGROUND in breaking the cipher. This may be accomplished by using 

multiple cipher alphabets, to be used in rotation, thereby 

Cryptographic (or cipher) systems and techniques are creating a polyalphabetic cipher. See e.g. D. Denning, Cryp- 
designed to render communications unintelligible to all 1Q tography and Data Security, Addison-Wesley Pub. Co.,. 
except an intended recipient Until recently, the use of Reading, Mass., 1982. Rotor or wired codewheel machines, 
cryptographic systems and techniques has been largely sucn as the Enigma machine used by the Germans in World 
confined to governments primarily for military and diplo- War n, implement poiyalphabetic substitution ciphers. A 
malic applications. However, the use of communications rotor machine consists of a bank of rotors. The perimeter of 
networks (e.g. cellular systems, computer networks, cable 15 each rotor has a set of electrical contacts (e.g. a contact for 
television systems) by the private sector as a means of each letter A to Z) on both its front and rear faces. Each 
transf erring, storing and processing information relating to contact on the front face is wired to a contact on the rear face 
electronic mail, to transactions involving the exchange of to implement a one-to-one mapping of a plain text letter to 
goods, services and financial credit s^payments, etc., has a cipher text tetter. Each rotor can rotate into 26 positions, 
given rise to a need to protect the information in these ^ and the rotors are rotated according to a type of motion (as 
communication networks from unauthorized disclosure or for example an odometer type of motion) after each plain 
modification. text letter is encrypted. 

This need has, in turn, led to the deployment of crypto- To encrypt a message in a rotor machine, a single plain 
graphic systems and techniques by the private sector in such text letter or symbol enters the bank of rotors at one end, 
communications networks. For example, cellular communi- ^ travels through the rotors in succession, and emerges as a 
cation networks may employ cryptographic systems to cipher text symbol or letter at the other end The key for such 
ensure privacy of communications as disclosed in U.S. Fat rotor machines will typically specify which particular rotors 
No. 5,159,634 issued Oct 27, 1992 and assigned to assignee will romprise the bank of rotors, the order of the rotors in the 
of this invention. Other communication networks, as for bank of rotors, the starting point of the rotors, etc. The key 
example networks linking automatic teller machines, use the ^ may also specify parameters of the rotor motion. For 
well-known Data Encryption Standard (DES) to encrypt example in the case of odometer-type rotor motion, the key 
information. See, National Bureau of Standards, "Data may specify the point (e.g. at the symbol i "Q") at which one 
Encryption Standard.'* Fed Inf. Process. Stand. PubL 46, rotor in a bank of rotors causes another rotor in the bank to 
January 1977. Cryptographic systems are advantageously advance. The cipher is difficult to break because, typically, 
implemented, for example, in special purpose chips, on 35 the state of the rotor mechanism (I.e. the wiring of the 
general-purpose personal computers, or on dedicated micro- one-to-one mapping in each rotor, the starting position of the 
processors imbedded in consumer electronics products. rotors relative to each other and the motion of the rotors 
Cryptographic techniques may be executed by program code relative to each other after encrypting) is unknown, 
in a variety of programming languages such as C, Rotor machine encryption systems, however, have several 
FORTRAN, etc. 40 shortcomings. First the speed of encryption is limited by the 

The information to be encrypted is known as "plain text** speed and reliability of the rotor mechanism. Second, if the 
Plain text comprises symbols selected from an alphabet An rotor motion is the same after each plain text letter or symbol 
alphabet is a set of symbols arranged in a fixed order, as for is encrypted (as may be necessary due to mechanical 
example the modem English alphabet where the symbols are constraints), the cipher becomes easier to break. Although 
letters arranged {A, B, . . . Z}. Another example of an 45 these two problems may be addressed by implementing 
alphabet is the alphabet of 4 binary symbols arranged {00, encryption systems in software, still other problems remain. 
01, 10. 11}. The plain text is transformed by a function In particular, while rotor machines are capable of providing 
characterized by a parameter called a "key* 1 into "cipher a high degree of security (the German Enigma ciphers were, 
text." The encryption transformation is sometimes referred with immense labor, broken by the Allies in World War H 
to as a cipher. so but some of the rotor ciphers used by Allies seem to remain 

One very old cipher is the Caesar cipher, a monoalpha- unbroken today), it is often difficult during the design 
betic substitution cipher attributed to Julius Caesar. In the process to predict how difficult the cipher will be to break. 
Caesar cipher, far a given alphabet each symbol in the plain Another technique for encrypting information uses 
text is shifted by specified amount to generate a correspond- autokey ciphers. As the name suggests, an autokey cipher is 
ing symbol in the cipher text For example, for an alphabet 55 one in which para mc.ter5-use4i n me encr yption process^ e, 
comprising the symbols A to Z t if the plain text is "DOG" tricJte ey^ areautpmaUc aUyjchanged or ui^cd-bascd on^for 
and the symbol shift or key is specified as three, the cipher example, the pJam„text .andyc>r^me^dphcctext^A simple 
text is "GRT because the symbols G, R and J are three ""example of an autokey cipher is one where an initial key 
places to the right of D. O and G, respectively. In this case, "BLUE" is used to encipher the plain text "FLY AT ONCE." 
the function for transforming the plain text to cipher text is 60 The four letters of the key are aligned with the first four 
a one-to-one mapping. A monoalphabetic substitution cipher letters of the plain text, Le. "B" with "F". "LT with M L". "IT 
preserves the frequency distribution of the plain text sym- with **Y™ and "E" with "A". Each pair of aligned letters is 
bols in the cipher text. Thus, such a cipher is readily "added" (modulo 26) in the sense that "B" is the first letter 
decrypted or broken by taking advantage of the statistical of the alphabet (assuming "A" is the zeroeth letter) and "F" 
properties of natural languages and by noting the relative 65 is the fifth letter, and since 1+5 is 6, the plain text t4 F* is 
frequencies of symbols and combinations of symbols in the enciphered as the sixth letter. "G". Similarly, "L M is the 
cipher text as for example by tentatively assigning the plain eleventh letter of the alphabet; 11+11 is 22, and thus the 
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plain text W L* in the message is enciphered as **W\ the 22nd for an encryption technique and apparatus that is easily 

letter of the alphabet. Continuing this procedure for the first implemented at low cost that will provide an adequate level 

four plain text letters. "FLY A" yields the cipher text of security for private sector applications. 
"GWSB*\ To encrypt the next four letters of plain text *T 

ONC, the bey is advantageously chosen to be the previ- 5 SUMMARY 

ously four letters of ^tv^ t**, u accordance with the present invention it is recognized 

S^^J^^Z^^l that inaeao of denni^ nxmg relationship between 

rest of the message. Consequently, until the recent avail- alphabets in a polyalphabetxc cipher in terms of a specific 

ability of techniques (such as use of error correcting codes) *W <* •**">»• such as an odometer type of motion, that an 

to ensure low probabilities of error in transmission, autokey auto^e4 rotobonal ^vector may be used to vary the 

ciphers have not been favored. relationship between the alphabets in the cipher during the 

r _. . , . , , . . . . „ „__*!„_ encryption process. The rotational state vector is advanta- 

tT^r USU81 Tfr^ZZZfSJ The cWgTupdating of mutational state vedor after 

codewheels is stopped or "£^<l* foUow - e „ayptiofv!ries meSonships between alphabets in me 

ing the encryption of a particular plain text letter. dpter*ereby making the dphTmore difficult to break. In 

The particular system or technique used to encrypt infor- ^ one embodiment of the inventive method a 

mation will often depend on issues such as: the level of M ^ a mtadoj ^ ^ to enaypt a plain tert 

security required (ue. how difficult should it be for unin- ^ t0 g e ^ a ^ hcrtatbyte . T1lcrotatiol ^ statevcct o r 

tended recipients to decrypt or break the encrypted {g autoie ^ ^ changing one or more values associated 

information), the cost and complexity of implementation, ^ ^pective elements in the rotational state vector, the 

the type or format of data to be encrypted, etc. Li cases changillg being , ft^on of one or more of: the cipher text 

where the information is represented as a series of binary 25 b ^ ^ e ^ ^ byte . m a second embodiment a block 

digits or bits, the information is advantageously encrypted as ' *\ . (he rotadoQal state vector , a block of 

a stream, e.g. on a byte-by-byte basis where a byte com- ^tMoMaita yield an encrypted block of information 

prises one or more binary digits. In stream ciphers, toe wherek me roUrioMl ^ vector is updated as a function 

encryption of prior bytes of plain text may affect the rf one ^ more of: a byte in said block of information, an 

encryption of later bytes (i.e. of those bytes downstream 30 eDC rypted byte m said block of encrypted Mediation or the 

from the prior bytes) in that the later bytes may be encrypted ' 
as a function of the prior bytes of plain text and their 

corresponding cipher text In other eases the data to be BRIEF DESCRIPTION OF THE DRAWINGS 

encrypted has a format of either a fixed-length block of , , 

information (comprising, for example, a specified number of 35 FIG. 1 illustrates a system in which the inventive method 

bytes of information) or of blocks whose lengths are and apparatus may be used. 

restricted to a set of possible lengths. FIG. 2 is a flow chart for encrypting text using the 

An encryption system or technique which encrypts a inventive method, 

block of information, where the result of the encryption is FIG. 3 is a block diagram of a system for encrypting text 

independent of the encryption of other blocks, is known as 40 using a rotational state vector that is updated, 

a block cipher. In a block cipher the encryption of any one pjQ 4 ls „ flow gn,,, 0 f steps in the inventive method of 

bit is a function of one or more other bits in that block but updating a rotational state vector using autokcying. 

not of bits in . atta r blocks. For example. theDES referred to for encrypting a byte of 

above is a block cipher that encrypts information in 64 bit ^ r 

blocks where the encryption of any one bit in the 64 bit block 45 P *"V, ' - , . ... 

isafunctic*ofeacho^ FIG. $ is a flowchart for decrypting text using the inven- 

not a function of bits in other blocks. Block ciphers may also tivc method. 

be used, far example, in protocol applications where, for FIG. 7 is a diagram of a system for implementing the 

example, a customer may connect to a network to request inventive method. 

information regarding financial transactions the customer 30 rurrAiT un nR^RiwrnM 
has made or to direct that certain transactions be executed. ubiaujsu utx*j*ur i^n 
In such a situation, the network may challenge the customer FIG. 1 illustrates a system in which the inventive method 
to provide a set responses to a series of prompts from the and apparatus may be used Hie system of FIG. 1 conveys 
network before responding to the customer's requests and information (e.g. signals representing voice, text, data, 
directions. Such responses may include specifying an 35 video) via broadband signals from central office 120 to 
account number, providing identification information, etc. neighborhood ISO, comprising endpoints 140^. Each end- 
Not all of the responses will need to be encrypted, but some point is, for example, a business establishment or residence 
particular responses, e.g. identification information, will which comprises communication devices (e.g. telephones, 
probably be encrypted for privacy reasons. The identifica- televisions, personal computers) which will send and/or 
tion information is advantageously of fixed length (e.g. a 60 receive information in the broadband signal. The broadband 
social security number and a 4 digit personal identification signal advantageously combines both telephony services 
number), and such fixed length information, intended to be (such as plain old telephone service provided by telephone 
transmitted at a known point in the set of responses switch/processor 121 which is connected to a telephone 
prompted by the protocol, may be encrypted with a block network) and other information from service provider 110-y 
cipher. 65 (such as cable television channels or interactive television 
Despite the variety of encryption techniques and imple- services as provided, for example, by service provider 
mentation options for those techniques, there remains a need 110-1) in optical switch 122. The broadband signal is 
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advantageously earned via fiber optic cable 125 to fiber updating includes causing no change in the value of de- 
code 169 where the broadband signal is then carried on ments in the rotational state vector, 
coaxial cable 135, to neighborhood 18©,. Coaxial cable 135, The techniques and apparatus may be implemented using 
and fiber optic cable 125 also carry return signals compris- M 8 -blt microprocessor such as an 8085 or 680x, using a few 
148 S1 m,CTactlve semces etc, from s huDdre(1 bytes of FOgram (e . g C Uaguage code) and 
endpoin Vo^. permanent data (e.g. data stored in read only memory) and 

As the system of FIG. 1 illustrates, central office 120 ^f ew ^ or S0 6 bytes of access memory. More 

generates toe broadband signal for transmission to neigh- partic ularly, the inventive method, as described in an 

borhood 180 The broadband sigi^ ct^mg iiifonna- embodiment advantageously assumes that the infor- 

tton required by all endrx^ts m neighborhood 180,, wfllbc 10 to te e^p^i (ol decrypted) is stored in a buffer of 

transmitted on coa^caWe 135, that is connected to every „ ^ h „ bytcs long . 

endpoint in neighborhood 180,. In short, every phone call sknled in the art will recognize a "byte" may comprise any 

and every cable television channel required by any one number of bits, and mat 8-bit bytes are advantageously used 

endpoint in neighborhood 180, will be earned on coaxial hmin ^ informalioll contained in the buffer is subjected 

cable 135,. Thus, to ensure that a particular endpoint 15 t0 , series of transfc^tions. The final contents of the buffer 

receives only the urformahon intended for that particular m me CBaypted (or data. In the discussion 

endpoint, toe information is advantageously encrypted at it is assumcd ^ ^ bytes of information in toe 

central office 120. Each particular endpoint is provided with buffcr mc numbered from left to right (buf[0]. buf[l], . . . 

to own key (as advantageously assigned by central office bnftn-1]), where each byte comprises 8 bits; Each 8-bit 

120) which allows the particular endpoint to decrypt only » is advantageously regarded as representing a whole 

that information intended for that particular endpoint. number in me ^ 0 , 0 255 mclllsive< ^ a, e g- b it 

Similarly, return signals from a particular endpoint may b ^ s ^ advantageously be used as ASCII code to 

advantageously be encrypted using ^particular endpoint s ent ^Rets and symbols. Whenever arithmetic is per 

assigned key. and, because toe central office assigned the formed on these bytes, the arithmetic is advantageously 

keys originally, the central office can use the appropriate key ^ moduIo ^ (aJca . 8 bit 2's complement) so that the result 

to decrypt the return signals. h anomer ^ byte A tey (k) of 12 byteS( denoted (k[0]. 

The encrypted information sent from central office 120 is y ij y ^ ^ advantageously assumed. 

advantageously fecrypted at endpoint M0, in network nG i m ^ , flow chart of a „ ener ^ on memod 

mterfacing unit (NITJ) 150^ which then povides decrypted m ^ tedmi and A^ndix I contains a C 

r^!L wmiiuinication devices within *> for dementing the inventive method. The 

endpoint 140, (e.*to telephone 160^, television 179^, ^^^^ steps 220 and 240 of FIG. 

personal computer 180^). Similarly, ^formation from end- 2 ^ £ M M fa ad £ntageously combined 

point 14©^ is encrypted in NHJ 150^ prior to transmission ^ ^ ( ^ s jJJ ^ ^ 2j 0 ) t0 

to cent* office 120. Encryption ,s thus used: 1) to assure ^ j, ^'ifficult for unintended recipients of the 

privacy in that information transmitted between central 33 e tcd ^^0,, (produced by steps 210-250) to 

office 120 and communication devices in a particular end- decrvot the information 

point are not accessible to other endpoints, and 2) to ensure accr YP l '...„.„ . , . . 

that only those endpoints which have paid for services (e.g. * ™ G - 2 let * re P resent » M<x*of iirformation (plain text) 

premium cable television channels) receive those services. to * encrypted. In step 210 the block of plain text is input 

Thus, the encryption (and corresponding decryption) tech- 40 t0 a buffer of length » contents of the buffer are 

nique and apparatus in NIU 150„„ must both ensure privacy f "btractod fromakey (k). The result is a block of encrypted 

and prevent theft of services, but such a technique and information b ("block b"). For convenience, the operation in 

apparatus must be readily and easily implemented so as to be block 21 ® ""V of as b=k-a. The key is a set of 

commercially viable in the private sector. parameters advantageously stored in 12 bytes as noted 

The inventive encryption technique and apparatus « ^ and 11,(5 ™ b ^°" is a subtactive modulo 256 

described below is advantageously implemented in NIU Vl 8 en T cn <^P*°" wtacfa } 2 *W byt . es 

150^ in toe system of FIG. 1. The invention combines suc^ssioiucychcaUy, untdeach byte of plain text intoe 

autokey and rotor encryption techniques. In particular, the buffer has beenencrypted. The r* byte in the buffer, bufli], 

method may be used as a stream cipher in which one or more "^f? ™ m ^ 3 ,s c< ' ual J . to 1 takcn 

values of elements in a rotational state vector, used to 50 ^ ^ '° dc l l A J > f ,1 ^I ~f CS ^ ndm6 ° s ^ p 

encrypt a plain byte to yield a cipher text byte, are changed 210 i S delineated by a bracket with -210 written next to the 

as a function of one or more of: the cipher text byte or the 0 

plain text byte. The rotational state vector is thus a sequence Ste P ^ X2kcs Dlock 0 in * € buffer 40(1 outputs an 

of values, akin to the bank of rotors in the rotor machines encrypted block of text c using the inventive technique 

described above. The method may also be used as a block 55 wnicn combines autokey and rotor encryption. For 

cipher for encrypting a block of information, the block of convenience, the operation of step 220 is termed M 1 so that 

information comprising a plurality of bytcs, by first advan- c=M A b. The code in Appendix I corresponding to step 220 

tageously initializing the rotational state vector as a function is delineated by a bracket with "22T written next to the 

of a key. Next, for each byte in the plurality of bytes, each bracket 

byte is processed through an alternating cascade of non- 60 FIG. 5 is a block diagram of a system for executing the 

linear and linear transformations to yield a corresponding operation of step 220 in which a single 8-bit plain text byte 

encrypted byte in the block of encrypted information, in block b is encrypted to yield text a single encrypted 8-bit 

wherein the linear transformations are a function of the cipher text byte in block c and in which a sequence of values 

rotational state vector. The rotational state vector is then of elements in the rotational state vector, used in the encryp- 

updated as a function of one or more of: a byte in said block 65 tion process, is changed (if the system of is used as a stream 

of information, an encrypted byte in said block of encrypted cipher) or updated (if the system is used as a block cipher) 

information or the key. In the context of a block cipher, as a function of one or more of: the encrypted 8-bit cipher 
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text byte In block c, the 8-bit plain text byte in block b or a subtract die i* byte from the third rotation state vector and 

key for the cipher. Although the term "rotational state save the result in the i* byte 

vector** is used due to similarities of the operation in step translate the i* byte according to table R to get a result 

220 and the wired codcwheels used by the Germans in World stored in the i byte 

War n as described above, it is not necessary to use wired 5 subtract the i* byte from the fourth rotation state vector 

codewheels in implementing the inventive technique and and save the result in the i byte, 

apparatus. Instead, one can advantageously use the sequence As indicated in the code listing in Appendix L a variable y 

of values of elements in the rotational state vector to can also be used as temporary storage for the value of buf[i]. 

represent the current rotational positions of each of the In step 430 the rotational state vector is updated as a function 

rotors, and use a series of arithmetic operations and table 10 of onc 01 mor * tot ? plain text or the key. 

look-ups to simulate the effect of passing an electric current An example of updating the rotaUonaJ state vector k given 

througha bank of rotors (Le. to represent the wiring of the in the code kshng ^ ^pendix L As tte oainpte u the code 

- \ c v i • a i * i indicates, before encrypting the next byte of text b in the 

one-to-one Wng). Each value is advantageously stored ^ original valSeof the byte (asrtored temporarily 

as an 8-brt byte and the bytes arc stored m a one dimensional ^ %) . cn ^ d ^ addcd to mc ^ t md thS^otation 

array or vector in a ^rnemory device. The updating (in toe 15 ^ ^ componcnts , and me ^ value of the byte 

case of a block cipher) or the changing (in the case of a encrypted is added to the second and fourth rotation state 

stream cipher) of the values of elements in the rotational vector components. The J* key byte, kfl], where j=M 

state vector is equivalent to the moving or rotating of the modulo 12, is also added to the second rotation state vector, 

rotors relative to each other. in steps 440 the counting parameters are updated, and step 

In FIG. 3 encryption processor 320 encrypts a byte of text 20 450 directs that the encryption process continue until all text 

in b to generate a byte of cipher text in c using input from in the buffer is encrypted. 

translation table 330 and from rotational state vector 310. In Returning to FIG. 2, in step 230 the bytes in the buffer 

encrypting a stream of plain text, values of elements in holding text c are "flipped" to yield text d in the buffer. The 

rotational state vector are then changed as a function of one flipping operation exchanges the contents of the first and last 

or more of: the plain text byte or the cipher text byte. In the 35 bytes, the contents of the second and next-to-last bytes, and 

context of using the system of FIG. 3 for encrypting a block so on. For example, if the buffer contains six 8-bit bytes 

of information, the block of information comprising a plu- representing whole numbers between 0 and 255 equivalent 

rality of words, the rotational state vector may be updated to the ASCII representation of the text X ARB ON**, the 

(which includes the case of making no change to values of flipping operation would cause the contents of the buffer to 

elements in the rotational state vector) as a function of one 30 produce the six 8-bit bytes corresponding to the ASCII text 

or more of; encrypted bytes, plain text bytes or the key. "NOBRAC*. The code in Appendix I corresponding to step 

A flowchart in FIG. 4 illustrates the details of step 220 and 230 is delineated by a bracket with "230" written next to the 

the operation of the system of FIG. 3. In step 405 a rotational bracket Step 230 thus ensures that the later bytes encrypted 

state vector is advantageously initialized as a function of the by step 220 affect the encryption of the bytes encrypted 

key, e.g. the four rotational state vector components, desig- 33 earlier by step 220. 

nated (p[0], p[l), p[2], p{3]) in the code listing in Appendix In step 240 another left-to-right autokey rotor encryption 

L are initialized using the first four words in the key. Steps operation termed M 2 is used to encrypt text d in the buffer 

407. 408 and 409 initialize counting parameters i and j used to yield text e in the buffer, i.e. e=M 2 d. The encryption 

to ensure that each byte in the buffer of length n is encrypted advantageously uses translation table RI (described below) 

in its turn. In step 420 the i rt byte is advantageously 40 and a four byte rotation state vector such that the M 2 

encrypted by subjecting it to an alternating series of non- encryption is the "inverse** of the M A encryption of step 220. 

linear and linear transformations using a translation table By inverse it is meant that if the M 1 encryption of step 220 

(explained in detail below) and the rotational state vector, was applied to the contents of a buffer and if the M 2 

respectively. Step 420 is illustrated in greater detail in FIG. encryption of step 240 (without intervening step 230) imme- 

5 which illustrates the alternating cascade of transforma- 45 diately followed, then no net change to the buffer contents 

tions. By interleaving the linear operations (eg. additions would occur. Like step 220 above, step 240 encrypts the 

and subtractions) with non-linear operations (e.g. look-ups contents of bufli] by subjecting the i* byte to an alternating 

in translation tables), the effect of the key is amplified — a series of o^nsformations or operations using an inverse 

key value subtracted late in the encryption process will not translation table and the rotational state vector. The alter- 

cancel the effect of the same key value added earlier, 50 nating series of operations in step 240 advantageously take 

because of the intervening non-linear table look-ups. The the form of: 

alternating series of transformations comprises five look-up save the value of i th the byte in y 

operations and four arithmetic steps. The alternating series translate the i* byte according to table RI to get a result 

of transformations or operations advantageously take the stored in i** the byte 

form of: 35 subtract the i* byte from the fourth rotation state vector 

save the value of the i* byte in x and save the result in the i* byte 

translate the i* byte according to table R to get a result translate the i* byte according to table RI to get a result 

stored in i* the byte stored in i* the byte 

subtract the V* byte from the first rotation state vector and ^ subtract the i* byte from the third rotation state vector and 

save the result in the I th byte save the result in the i* byte 

translate the i* byte according to table R to get a result translate the i* byte according to table RI to get a result 

stored in i* the byte stored in me i* byte 

subtract the i* h byte from the second rotation state vector subtract the i* byte from the second rotation state vector 

and save the result in the i* byte $5 and save the result in the i* byte 

translate the I th byte according to table R to get a result translate the i* byte according to table RI to get a result 

stored in the i r byte, stored in the i byte 
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subtract the i* byte from the first rotation state vector and communication devices which utilize decrypted information 

save the result in the i* byte received from central office 120 or which generate informa- 

The steps of the M 3 operation may be implemented in a tion to be encrypted prior to transmission to central office 

manner similar to the implementation of the M 1 operation of 120. RAM 735 advantageously is used to store information 

step 220 as illustrated in FIG. 3, and the code in Appendix 5 which is updated or which is dynamic, such as the rotational 

I corresponding to step 2M is delineated by a bracket with state vector, the key and the buffer containing text for 

4 740" written next to the bracket. encryption or decryption. ROM 725 advantageously stores 

In step 250, the text e is subtracted from the key to yield unchanging parameters or information, such as the transla- 
tive final cipher text, designated k-e. In particular, step 250 tion table and its inverse as well as program code listing the 
is a subtractive modulo 256 Vigenere encryption in which all to operations to be executed by microprocessor 715. Those 
12 key bytes are used in succession, cyclically, until each skilled in the art will recognize that other memory devices, 
byte in the text e has been encrypted. This is essentially the e.g. EFROMS, may be used in place of RAM 735 and ROM 
same operation as in step 210. The code in Appendix I 723 and that dedicated hardware may be used in place of 
corresponding to step 250 is delineated by a bracket with microprocessor 715. 

"250" written next to the bracket 15 disclosure describes a method and apparatus for 

Note that as a consequence of attempting to keep the code enaYptioiL The method and apparatus disclosed herein have 

in Appendix I relatively small, the inventive method is ^ ^ scribtd without reference to specific hardware or 

involutory, i.e. the encryption operation with a given key is so ftware. Instead, the method an apparatus have been 

identical to the decryption method with the same key. FIG. described in such a manner that those skilled in the are can 

6 illustrates mis principle by illustrating the steps in a 20 readily adapt such hardware or software as may be available 

method for decrypting information encrypted using the or preferable for particular applications. While toe above 

method of FIG. 2. In step 610 the cipher text, k-c as output tMcbings 0 f the present invention have been in terms of 

by step 250, is subtracted from the key. Such an operation, cocr ypting 8-Wt bytes of information carried between a 

conveniently represented as k-(k-e) yields the text e. The centwl ^ m endpomt those skilled in the art will 

subtraction operation is identical to the subtraction operation 25 TtC0 g^ 2C mc w licabflity of these teaching to otherspecific 

of step 210. Step (520 takes encrypted text ein the buffer and con texts. For example, the above method is readily 

outputs encrypted text d using the inventive techniques of expanded to accommodate encryption of 16-bit or 32-bit 

autokeyaiKlrotorenCTyrJdonasrjerfarmedbyM operation words as for cxamplc by usc of 16 . bit or 32 .bit 

of step 220 to yield the text d as shown by the expression: microprocessors, respectively. Further, instead of using mod 

M 1 e=M 1 M 2 d=4-^ecalling that M and M are inverses of 30 m addition and subtraction arithmetic operations, arim- 

each other and that (from step 240) e=M 3 d Step 630 flips the mctic operations in other groups (e.g. the exclusive or 

contents of text d in the buffer in a manner as described for operations which is "addition* 1 in binary n-space) may be 

step 230. The flipped buffer contents are c since step 630 uscd Furtncr still, any binary operation, not necessarily 

simply reverses step 230. Step 640 executes the M opera- commutative or associative, whose operation table forms a 

tion on the buffer contents to yield buffer contents b, as 35 squarc< ^ te usc ± The inventive method may be 

conveniently noted by observing M^M^M b=b. The M usc d m systems other than the system shown in FIG, 1 as for 

operation is similar to the operation described in step 240. cxa mple in encoding transmissions in wireless systems, etc. 

Finally, the original plain text a is recovered in step 650 by Note mat m mc codc m Appendix I, an emphasis was placed 

subtracting b from the key. k-b=k-<k-a)=a, where the on spcc d 0 f execution and on brevity of program size at the 

subtraction operation is of the Mnd used in step 250. Tlius, 40 of higher lcvcls of data security. Although the code 

the encryption operation of FIG. 2 with a given key is ^ Appendix I is regarded as sufficiently secure to applica- 

identical to the decryption method of FIG. 6 with the same tioM TtqvdliLg a moderate degree of security, the code in 

key* Appendix I can be lengthened to provide additional security, 

Recall that the above method utilizes a pair of read-only ^ for examp i c by increasing the number of transformations 

translation tables R and RL each of size 256 bytes. Table R 45 m aeps 220 and 240. Similarly, the number of autokey rotor 

advantageously holds a permutation of the 256 byte values, operations (i.e. steps 220 and 240) need not be restricted to 

ie. R is a permutation table. Table RI advantageously holds two Greater security can be obtained by making three or 

the inverse of table R. Consider the C code in Appendix I raore passe s, possibly interspersed with the flip operation of 

labeled Table R. The contents or entries of Table R are two ste p 230 or with more complicated operations which could 

digit hexadecimal (base 16) values as indicated by the "0x w 50 also be autokey rotor operations, 
prefix. The entry in table R at location row 0, column f (ie. 

coordinate (Of), where "T in hexadecimal corresponds to 15 APPENDIX I 

in base 10) is 0x04 indicating that coordinate (0,4) specify- 

Lag row 0. column 4 in table RI contains contents OxOf. ie. cipho(uchar buff ], int o, uchar k|i2)){ 

the inverse of the contents in table R. Note that the above 55 imaged char #4}, x, y; 

method may be implemented using a self-inverse permuta- °^q ; j; 

tion table so that R and RI are one and the same table. fbrfi '=0; kn; h+X 

FIG. 7 illustrates a system for implementing the above buffi] = k0) - buffi); 

encryption and decryption method in NIU 150^. The sys- i t* ; . _ Q 

tern comprises the following elements: micropTOcessor 715. 60 j 0= )J- » 

read only memory (ROM) 725 and random access memory pjoj = kjo]; 

(RAM) 755. The elements are connected by address and data pfi] - Mi]; 

busses 745 which provide means for transferring data and Pgj = Jgj; 

far sending and receiving control signals among the ele- ?L \T 

meats. An optional coaxial interface unit 705 may be used 65 fo^ii; km h-k >h0 { 

in FIG. 7 to render signals on the coax line suitable for use if(j=i2) j = 0; 
on bus 745. Bus 745 is also advantageously connected to 



05/13/2004, EAST 



Version: 1.4.1 



5,724,427 



11 



12 



APPENDIX I-continued 



APPENDIX I-continued 



y = x = bufti]; 
y = rlyj;y =p{0]-y, 
y = rly);y = p{l)-y; 
y = rtyj;y - p(2) - y; 
y = rjy];y «p(3]-yj 
y = rfrj: 
buf{i] = y; 
p[0]+=x; 

P [2]4=x; 

} 

for(i=0; i<j; j — K 
x = buf[i]; 

buf[j] = x; 



y-x = buf[i]> 
x = ri[x];x = p[3]-x; 
5 x = rifx); x = p[2) - x; 

x ~ri[x);x = p[l)-x; 
x = ri[x];x = p[0]-x; 
x = ri[x]; 
buffi] = x; 
Pl0j+=x; 

jo p[i)-*«y+*<i); 

) 

j = 0; 

fo?<i=0; i<n; 
15 buffi] = Wj]-buf[i]; 

} 



TABLE R 



Oxfd, 0x08, 0x51, QxOb, 0x68, Oxld, 0x22, 0xf4, Oxlc, 0x74, Qx5d, 0x64, 0x82, 0x56, 0x72, 0x04, 

0x75, Oxb7, Oxbb, 0x49, 0x14, 0x33, 0x48, Oxc7, 0x05, 0x42, Oxb8, OxcO, 0x81, Qxex, 0x95, 0x3a, 

Qxfl, Ox6e, 0x34, 0x65, 0x10, 0x5 f, Oxbc 0x50, 0x24, Gxe2, OxdS, 0x86, 0x27, Ox lb. 0x3d, OxeO, 

0x04, Oxfif, 0xf3, 0x90, 0x97, OxOf, Oxcl, Oxbf, Oxeb, 0x3e, 0xe6, OxOd, 0x7 f. Ox 2c, Oxce, 0x94, 

Qxcb, Oxba, Oxaa, 0x42, 0x13, Oxa5, 0x46, 0x66, 0xc9, 0x9c, Oxfc, Qxll, 0x9a, Oxed, Oxh5, 0xo4, 

0x4a, OteO, 0x2a, Oxal, 0x32, Oxfc, 0x23, Oxda, 0x5b, Oxff, 0x5*, OxfO, Oxdl, 0x47, 0x5a, OxfB, 

0x41, 0x58, 0x43, 0x84, 0x98, 0x39, Oxd7, 0x40, 0x83, 0xc4, 0xe9, 0x89, 0x01, 0x59, Qxde, OxOc, 

0x49, Oxlo, 0xd4, 0x61, 0x06, Oxd3, Oxc5, Oxle, 0x28, 0x38, Oxc3, 0x54, Oxb3, 0x99, 0x3c f 0x48, 

0x8a, 0x7c, Oxdc, 0x36, 0x63, 0xb4, Oxdd, 0xb2, 0x52, 0x17, 0x53, Oxcf, 0x02, Oxe7, Oxfb, 0x44, 

0xc5 T 0x6a, 0x29, 0x78, 0x09, 0x*8, Ox6d, 0x7b, 0x46, 0x41, Oxcd, 0x6b, Oxoc, 0x87, Ox If, 0x4c, 

Qxc8, 0xb6, Oxat Oxcl, 0x35, 0xc6, 0x77, Oxeo, Ox2f, 0x03, 0x60, Qxed, 0x£2, Oxdb, 0x96, Oxbl, 

0x26, OxdO, 0x20, Oxfc, 0x4b, 0x80, 0x9e, Oxfi, 0x9b, 0x12, 0x07, 0x70, 0x00, 0xa2, 0x19, 0x30, 

Qxee. 0x85, 0x2d, Oxb9, 0x93, 0x76, Oxa9, OxbO, 0x37, 0x8c, 0x6c, 0x71, Ox©, Oxec, 0x5c, Oxcd, 

0x91, 0x4c, 0x88, Qx3f, 0x62, 0x71, 0x9£, 0x69, 0x21, Oxc3, OxOs, 0x84, 0x79, QxOa, Oxfc, Oxcf, 

0x74, 0x57, Qx9d, 0x92, Oxbe, 0x55, 0x2*, 0x15, Ox8«, Oxa7, 0x31, 0x3b, Oxca, Oxdf, 0x44, 0x67, 

Ox6f, Qxbd, 0xf7, Oxa3, 0x45, 0xa8, 0x7c, Qxee, 0x8b, 0x16, 0x25, 0x18, 0x73, Oxab, 0x2b, Qxc2, 
}: 



TABLE RI 



uchar ri[256] 


= { 




























Oxbc, 


0x6c, 


0x8c, 


Oxrf>, 


OxOf, 


0x18, 


0x74, 


Oxba, 


0x01, 
Oxfb, 


0x94, 


Oxdd, 


0x03, 


Ox6f, 


0x3b, 


Oxda, 


0x35, 


0x24, 


0x4b, 


0xb9, 


0x44, 


0x14, 


Oxe7, 


0xf9, 


0x89, 


Oxbc, 


0x71, 


0x24, 


0x08, 


0x05, 


0x77, 


Qx9e, 


0xb2, 


OxdS, 


0x06, 


0x36, 


0x28, 


Oxfa, 


OxbO, 


0x2c, 


0x78, 


0x92, 


0x52, 


Oxfc, 


0x34, 


Qxc2, 


Oxcti, 


0xa8, 


Oxbf, 


Oxea, 


0x54, 


0x15, 


0x22, 


0xa4, 


0x83, 


Oxc8, 


0x79, 


0x65, 


OxlC, 


Qxeb, 


Ox7e, 


Ox2e, 


0x39, 


0xd3, 


0x67, 


0x60, 


0x19, 


0x62, 


Ox8f, 


0xf4, 


0x46, 


0x54, 


0x16, 


0x70, 
0x64, 


0x50, 


Qxb4, 


0x9t, 


Oxec, 


0x41, 


0x99, 


0x27, 


0x02, 


0x88, 


0x8a, 


0x7b, 


0xe5, 


OxOd, 


Oxel, 


0x61, 


0x5e, 


0x58, 


Oxce, 


OxOa, 


0x5a, 


0x25, 
OxfO, 


Oxaa, 


0x73, 


0xd4, 


0x84, 
Oxfc, 


OxOb, 


0x23, 


0x47, 


Owf, 


0x04, 


0x47, 


0x91, 


0x9b, 


Oxca, 


0x96, 


0x21, 


Oxbb, 


Qxd5, 


OxOe, 


0x09, 


0x10, 


Oxc5, 


Oxafi, 


0x93, 


Oxdc, 


Oxcb, 


0x97, 


Qxf6, 


OxeO, 


0x81, 


0x3c, 


OxbS, 


Oxlc, 


OxOc, 


0x68, 


0x63, 


Oxcl, 


0x2b, 


0x94, 


Oxdl, 


0x6b, 


0x80, 


QxfS, 


Qxc9, 


Oxdb, 


Oxefi, 


0x31, 


0x33, 


OxdO, 


0xe3, 


0xc4, 


Ox3f, 


Oxle, 


tore*, 


0x34, 


0x64, 


Ox7d, 


0x4c, 


OxbS, 


0x49, 


0xo2, 


Oxb6, 


0x46, 


0x51, 


0x53, 


Oxbd, 


Qxfl, 


0x4f, 


0x45, 


Oxab, 


0xe9, 


OxfS, 


Oxc6, 


0x42, 


Oxfd, 


Oxcd, 


Oxcf, 


OxcO, 


Oxa2, 


0xc7, 


Oxaf, 


0x87, 


0x7c, 


0x85, 


0x4c, 


Oxal, 


Oxll, 


Oxla, 


Oxc3, 


0x41, 


0x12, 


0x26, 


Qxfl, 


Oxe4, 


0x37, 


Ox lb, 


0x36, 


Oxff, 


0xd9, 


0x69, 


0x90, 


Oxa5, 


0x17, 


OxeO, 


0x48, 


Oxec, 


0x40, 


0x9c, 


0x9a, 


Ox3e, 


0x8b, 


Oxbl, 


0x5c, 


0x43, 


0x75, 


0x72, 


0x2a, 


0x98, 


0x66, 


Ox7t 


0x13, 


0x57, 


Qxed, 


0x82, 


0x86, 


0x6e, 


Oxed, 


Ox2f, 


Oxa3, 


0x29, 


0x7a, 


0x30, 


0x76, 


0x3a, 


0x84, 


0x95, 


0x6a, 


0xa7, 


0x38, 


Oxld, 


0x44, 


Oxf7, 


Oxdf, 


Qx5b, 


0x20, 


Oxec, 


0x32, 


0x07, 


Oxb7, 


0x4a, 


Ox£2, 


0x5f, 


Oxec, 


0xb3, 


0x8*, 


Oxdc, 


0x00, 


0x55, 


0x59, 



I claim: 

APPENDIX I-coatinued 1. In an apparatus, a method for encrypting/decrypting 

j 60 data in an array having at least one entry, comprising the 

PtO] = HO); steps of 

p(l]-kM; 
P(2] = x|2]; 
pP] = «3): 

farfti- kn; j> ♦){ 65 performing a first substitution of the at least one array 

ifG=i2) j = 0; entry, the first substitution being modified by a first 

rotational state vector, 
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performing a second substitution of the at least one array 
entry, the second substitution being modified by a 
second rotational state vector, 

modifying the first rotational state vector with the array 
entry before the first substitution; and 3 

modifying the second rotational state vector with the array 

entry after the second substitution. 
2. The method as recited in claim 1, wherein the first and 
second substitutions each further comprise the steps of; 
combining the respective rotational state vector with the 

array entry before substitution to create an address to a 

lookup table; 
reading the lookup table entry so addressed; and 



14 

substituting the array entry with the read entry. 

3. The method as recited in claim 2, wherein the lookup 
table is the same for all substitutions. 

4. The method as recited in claim 2, wherein the modi- 
fication steps each further comprise the step of subtracting 
from the respective rotational vector the array entry. 

5. The method as recited in claim 2, wherein the first and 
second state vectors are initialized as a function of a key. 

6. The method as recited in claim 5, wherein the previ- 
ously recited steps are repeated a plurality of times. 

7. The method as recited in claim 6* wherein the previ- 
ously recited steps are repeated for each entry in the array. 

* * * * * 
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